[Snort-devel] preprocessor flow-portscan
kevmcs11 at ...398...
Wed Feb 4 12:09:01 EST 2004
With the direction of Chris Green I've been trying
to track down a 'bug' in flow-portscan alert-mode all.
While in alert mode all, it seems the alert_flag
variable is never being reset after the first alert.
After some debugging any value set in the function
flowps_reset_alert_flags in flowps.c on the variable
alert_flags does not stay set. I have tried setting
alert_flag = & sep->alert_flags (via Chris)
and passing it by reference to no avail. Is anyone
using alert-mode all, and if so do you see similar
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
More information about the Snort-devel